Professional Documents
Culture Documents
By: Terence Ho
1
Contents
1. Executive summary: ........................................................................................................... 3
2. Introduction ........................................................................................................................ 5
3. Issues arising from Transaction Monitoring ....................................................................... 6
4. Transaction Monitoring: Alert Based and Case Based ....................................................... 8
5. Comparison Between Alert-Based Monitoring and Case-Based Monitoring .................. 10
6. Case Example ................................................................................................................... 14
7. Conclusion ........................................................................................................................ 15
8. Works Cited ...................................................................................................................... 16
2
1. Executive summary:
Over the years, U.S. regulatory agencies such as the Financial Crimes Enforcement Network
(FinCEN), the Office of the Comptroller of the Currency (OCC) and the New York State
Department of Financial Services (NYDFS) have been actively issuing consent orders against
financial institutions that have failed in their responsibility to identify, detect, and report
suspicious transactions. Some of the financial institutions that have been singled out
specifically for deficiencies in transaction monitoring efforts include Wachovia Bank N.A.
(2010),1 HSBC Bank USA N.A. (2012)2 and Commerzbank AG (2015)3 with fines aggregating
to more than $3.5 billion to settle the allegations.
Outside of the U.S., regulators in major financial centers such as London, Hong Kong and
Singapore have demonstrated strong commitments in maintaining the integrity of the country’s
respective financial systems in recent years.
In an enforcement action on October 12, 2016, Mark Steward, the Financial Conduct
Authority’s (FCA) director, said that “Fighting money laundering is an issue of extreme
international importance and ensuring that AML controls are effective and viewed as important
throughout the business are fundamental obligations of all regulated firms.”4
On July 31, 2015, the Hong Kong Monetary Authority (HKMA) took its first disciplinary
action against a financial institution for AML failures. Director-General (Enforcement) of the
HKMA Meena Datwani said, “The HKMA takes such failures seriously and wants to send a
clear message to the industry that all authorized institutions should have effective AML/CFT
systems and controls in place to, among other things, detect and report suspicious transactions
based on their knowledge of their customers.”5
1
From the OCC News Release of March 17, 2010
https://www.occ.gov/news-issuances/news-releases/2010/nr-occ-2010-30a.pdf
2
From FinCEN Assessment of Civil Money Penalty of December 10, 2012
https://www.fincen.gov/sites/default/files/enforcement_action/HSBC_ASSESSMENT.pdf
3
From the New York State Department of Financial Services Press Release of March 12, 2015
http://www.dfs.ny.gov/about/ea/ea150312.pdf
4
Remarks of Mark Steward, Director, Financial Conduct Authority
https://www.fca.org.uk/news/press-releases/fca-imposes-penalties-sonali-bank-uk-limited-money-laundering
5
Remarks of Meena Datwani, Director-General, Hong Kong Monetary Authority
http://www.hkma.gov.hk/eng/key-information/press-releases/2015/20150731-5.shtml
3
On October 11, 2016, a merchant bank was fined S$4.3 million and ordered to cease operations
by the Monetary Authority of Singapore (MAS) for “serious failures in anti-money laundering
controls and improper conduct by senior management.” Ravi Menon, managing director at
MAS, said, “[Financial institutions] must put in place robust mechanisms to detect suspicious
activities... MAS will ensure that standards are kept high and will take strong deterrent actions
against institutions that fall short.”6
The trend seems to suggest that financial institutions are encountering difficulties in managing
the appropriate staffing levels and level of scrutiny in customer’s transactions. While the
appropriate staffing level should be determined by the risk level of the bank’s products and
services, the level of scrutiny into the customer’s transactions can be more effectively handled
by employing a risk-based approach to managing the alerts generated by the monitoring
systems on an account-level basis. This can be achieved by aggregating the generated alerts on
a customer level basis and ensuring customers with the highest perceived risk scorings get the
required attention over others, which are deemed to be of a lower risk.
This white paper provides an alternative approach to handling alert-based monitoring systems
to better enable concentration and efficient use of precious AML expertise in the financial
institutions.
6
Remarks of Ravi Menon, Managing Director, Monetary Authority of Singapore
http://www.mas.gov.sg/News-and-Publications/Media-Releases/2016/MAS-Directs-Falcon-Bank-to-Cease-
Operations-in-Singapore.aspx
4
2. Introduction
After the terrorist attacks on September 11, 2001, government bodies around the world reacted
swiftly by enacting new laws to criminalize money laundering and terrorist financing, provided
regulatory guidance as well as stepping up on supervisory and enforcement actions on financial
institutions whom are viewed as important allies in the prevention of money laundering. The
enactment of the USA PATRIOT Act in the U.S. on October 26, 2001, the record fine imposed
on HSBC Holdings Plc on December 10, 2012, and the formation of dedicated departments to
combat money laundering by the MAS in August 20167 are testaments of the commitments of
the various governments to deter reckless and wilfull blindness behavior in the industry.
Often during inspections, regulators assess whether the AML program of the institution is
effective and ensure that the standards are kept high. Transaction monitoring, which is an
important part of a solid AML program, requires consideration on various factors such as:
Size of institution
Jurisdictions in which the institution operates
Type of business activities
Types of transactions in which its customers engage
A report by Capgemini 8 and BNP Paribas estimated that the total number of non-cash
transactions in 2015 stood at 426.3 billion.9 Assuming Pareto principle holds, the top 20 percent
of the largest financial institutions in the world would have cleared 80 percent of the total
number of wire transfers annually. The number of wires (341 billion) passing through these
large banks would hence be close to 30 billion each month. Further assuming the top 20 percent
of the largest financial institutions stood at 3,000 and we have a transaction to alert the
conversion rate of 1 percent, each financial institution would on average, potentially face up to
100,000 AML alerts arising from 10 million wire transfers to review each month. Of course,
the above figures are based on multiple assumptions which may vary greatly depending on the
various factors mentioned in the previous paragraph. Nevertheless, from the FinCEN
7
Press release by the Monetary Authority of Singapore, 13 June 2016
http://www.mas.gov.sg/News-and-Publications/Media-Releases/2016/MAS-Sets-Up-Dedicated-Departments-
to-Combat-Money-Laundering-and-Strengthen-Enforcement.aspx
8
Capgemini is a consulting firm <https://www.capgemini.com/>
9
2016 World Payments Report by Capgemini and BNP Paribas
https://www.worldpaymentsreport.com/reports/noncash
5
Assessment of Civil Money Penalty of HSBC in 2012,2 it was revealed that the multinational
institution “…processed an average of approximately 25 million wire transfers annually.”
10
United States Senate hearing on HSBC Case History, July 17, 2012
https://www.hsgac.senate.gov/download/report-us-vulnerabilities-to-money-laundering-drugs-and-terrorist-
financing-hsbc-case-history
6
According to an AML survey11 by EY in 2014, Securities Brokerage and Corporate
Banking businesses have SAR conversion rates as low as 1 percent and
alerts worthy of investigation as low as 5 percent. These low value alerts take up
precious bank resources that could otherwise be deployed on more SAR-worthy
investigations.
System suitability
The same AML survey by EY in 2014 found that about 60 percent of the respondents
felt that vendor-built scenarios only partially met their monitoring needs. Each financial
institution varies greatly by the size, customer base, jurisdictions in operation and the
type products and services offered. It is highly unlikely that a one-size-fits-all
monitoring system could be effectively deployed in every financial institution that
purchased the system.
Interestingly, the EY AML survey found that while respondents use a variety of vendor-
supplied transaction monitoring systems, some respondents were utilizing more than one
vendor system in the financial institutions.
Source: Page 14, AML Transaction Monitoring: A Survey of UK Financial Institutions, September 2014
11
AML Transaction Monitoring: A Survey of UK Financial Institutions, September 2014
http://www.ey.com/Publication/vwLUAssets/AML_Transaction_Monitoring_A_Survey_of_UK_Financia.4/$FIL
E/1488612_AML_Transaction_Monitoring_A_Survey_of_UK_Financia.4%20(EMAIL).pdf
7
The finding by EY seems to suggest that having more than one vendor system in the institution
would create synergies, provide better alert coverage and hopefully reduce the risk of missing
suspicious transactions.
The same concept can be applied to the review of AML alerts, which are usually limited to
highlighting transactions performed in a single account belonging to a customer (i.e., account-
level review). When a customer, such as a multinational corporate, has multiple accounts with
the bank across several jurisdictions, these alerts should be reviewed simultaneously on a
customer level basis by aggregating all relevant alerts generated from the various accounts of
the customer (i.e., customer level review) and creating a case for review. In fact, a customer
level review is a consolidated review of all alerts associated with the customer’s accounts that
were generated during a specified period. The consolidated review provides a holistic overview
of the overall customer activity and allows for a more efficient and accurate deployment of
resources.
Depending on a variety of factors, some may choose the first option because it is fuss-free and
requires less investments in time and money. Others may choose option two because chances
are that ready-made products will not fit perfectly because we come in different shapes and
sizes.
Financial institutions in the industry face the same dilemma when deciding on the type of
transaction monitoring system to implement. While the purchase of an alert-based monitoring
system is the most straightforward way out to pass a regulatory exam, they usually come with
a huge percentage of low value alerts (false positives) and finding a truly suspicious alert is
akin to finding a needle in the haystack. On the other hand, financial institutions may consider
building in-house scenarios or a case management system where the scalability and
performance of the system can be tailored exactly to the needs of the business to reduce the
false positives.
Alert-Based Monitoring
8
Most financial institutions tend to rely on third-party vendor systems, which monitor
transactions based on a standard set of rules, scenarios and statistical models which lead to alert
generation. Depending on the internal procedures of the financial institutions, each of these
alerts will be assigned and reviewed by a junior analyst before closing it without further action
or escalating it to the second level for more in-depth investigations. Once the transactions
highlighted by the alert is deemed suspicious, the alert may be closed with a SAR decision or
further escalated to the MLRO.
Case-Based Monitoring
When analyzing the account activity of a customer with high volume of transactions, most
AML professionals rely on data manipulation to make sense of the transactional pattern. Pivot
tables are especially useful to consolidate and present information in a summarized manner,
identifying who is the largest contributor of payments and the frequency of transfers.
Suppose a financial institution has deployed multiple monitoring systems across its lines of
businesses. It has purchased monitoring systems from Vendor A, which has scenarios
specialized for retail banking; Vendor B which is effective for brokerage trade monitoring;
some customized in-house scenarios for specific products of the bank; a system where
employees can file referrals of suspicious activity detected during their daily work and from
media report monitoring.
To integrate all these alerts from the different lines of businesses together, the in-house
developers need to design a case management system to process these alerts according to its
inherent risk score of each scenario as determined by the institution. The alert consolidation
9
stage will group same parties into a single case or parties that are related through party house-
holding (See Figure A).
Customer activity that has been deemed as not suspicious could be entered back into the case
management system via a feedback loop that will suppress or reduce the scoring of similar
alerts generated in the future. This would contribute to the reduction of false positives through
human intelligence in addition to the standard rule tuning process in an alert-based monitoring
set up.
10
it is usually not necessary to conduct a further in-depth review of the customer’s
account.
Speed of review
According to LexisNexis Risk Solutions True Cost of AML Compliance APAC Survey
Report, 12 61 percent of the respondents were able to clear an AML transaction
monitoring alert within one business day (less than eight hours).
12
LexisNexis® Risk Solutions True Cost of AML Compliance APAC Survey Report
http://images.solutions.lexisnexis.com/Web/LexisNexis/%7Bd098bae2-da5c-4613-85af-
a98b17032f49%7D_LN_TrueCostofAML_WP-12.pdf
11
Challenges
13
Sound management of risks related to money laundering and financing of terrorism by BIS
http://www.bis.org/bcbs/publ/d353.pdf
12
referral event can be manually created by any employee of the bank whenever
suspicious activity is detected, such as negative media reports, wire-stripping queries
by customers, enquiries from law enforcement agencies, grand jury subpoenas, etc.
Highly complex
The building of a customized case-based monitoring system in-house is a long term and
highly complex plan that would require significant investments into technology,
infrastructure and human resources. Due to the multiple monitoring systems deployed
in the setup, the data in the respective alerts needs to be standardized into a single source
feed which would allow meaningful consolidation into case.
Challenges
Apart from the large initial investments into technology that would be required, many countries
have different reporting timelines, which mandate the reporting of suspicious transactions
within a specified timeframe (e.g., Philippines require suspicious transactions to be reported
by five working days14). The lapsed time between the transaction date and the actual review
date may lead to a delay in filing a SAR to the relevant authority. This would require the head
of compliance of the financial institution to effectively explain and convince the regulator of
the overall AML strategy and the benefits of a case-based monitoring system.
14
Circular Letter No.CL-2016-065 by Banko Sentral Ng Pilipinas, July 20, 2016
http://www.bsp.gov.ph/downloads/regulations/attachments/2016/cl065.pdf
13
6. Case Example
A corporate customer with three accounts with the bank was highlighted by nine monitoring
alerts between August 7, 2015 and April 122016. The nine alerts are being consolidated into a
case and generated for an analyst to review (see Table 1).
In a case-based monitoring setup, a single analyst only needs to review the customer’s activities
across a combination of alert scenarios, accounts and a wider timeframe (August 7, 2016 to
April 12, 2016) once instead of nine individual alerts. This also ensures efficient use of AML
expertise and provides a holistic understanding of the customer activities across three accounts.
For simplicity, we will examine the consolidated review of the Aggregated Cash Withdrawals
scenario (see Table 2):
In the alert-based monitoring example, individual alerts might be reviewed by three separate
investigators when they are generated from the monitoring system. There is clearly a lack of
information to determine whether the cash withdrawals highlighted in the individual alerts are
14
suspicious and the investigators would have to look back at the prior alerts as well as consider
the historical cash activity of the customer to form a decision.
However, in the case-based monitoring example, the duplication of the work is significantly
reduced. Only a single investigator is required to perform a three-month cash withdrawal
activity review of the customer. A single investigator assigned also ensures that a consistent
approach is being applied when reviewing the same customer. Holistically, the investigator
will also be able to form a better understanding of the customer resulting from an extended
review of the activity.
7. Conclusion
In a recent study by LexisNexis Risk Solutions - True Cost of AML Compliance APAC Survey
Report,12 it was estimated that close to $1.5 billion per year was spent in Asia for AML
compliance at banks. However, transaction monitoring analysis comprised only 9 percent of
costs. The study added that “technology use at AML operations in Asia is still somewhat
immature” because technology costs in Asia make up 19 percent of AML budgets compared
to 81 percent for personnel costs. The study highlights the fact that there is more room for
improvements in the automated transaction monitoring space in financial institutions.
Nevertheless, financial institutions need to thoroughly consider their setup by conducting risk
assessments to determine which system is best suitable for the institution. A local branch office
of a foreign bank may consider an alert-based monitoring system specifically tailored to the
jurisdiction as the best option. However, with increasing pace of change seen in the regulatory
environment, regulators of different countries may expect a direct line of communication and
sharing of information within branches of a large multinational bank. As such, banks should
consider moving toward adopting a case-based monitoring approach and the creation of a
centralized financial intelligence unit which will be responsible in providing a consistent and
holistic review of customer activities across all areas of the bank. The initial cost of investments
required for the setup may be daunting, but the ultimate cost of AML failures would be
spectacular in comparison.
15
8. Works Cited
U.S. Department of Justice, Wachovia Enters Into Deferred Prosecution Agreement, 17
March 2010, <https://www.occ.gov/news-issuances/news-releases/2010/nr-occ-2010-
30a.pdf>
New York State Department of Financial Services, Consent Order Under New York Banking
Law ,12 March 2015, <http://www.dfs.ny.gov/about/ea/ea150312.pdf>
Financial Conduct Authority, FCA imposes penalties on Sonali Bank (UK) Limited and its
former money laundering reporting officer for serious anti-money laundering systems
failings, 12 Oct 2016, <https://www.fca.org.uk/news/press-releases/fca-imposes-penalties-
sonali-bank-uk-limited-money-laundering>
Hong Kong Monetary Authority, Monetary Authority takes disciplinary action against State
Bank of India, Hong Kong Branch for contraventions of specified provisions under the Anti-
Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance, 31
July 2015, <http://www.hkma.gov.hk/eng/key-information/press-releases/2015/20150731-
5.shtml>
LexisNexis Risk Solutions, True Cost of AML Compliance APAC Survey Report, 29 April
2016, <http://images.solutions.lexisnexis.com/Web/LexisNexis/%7Bd098bae2-da5c-4613-
85af-a98b17032f49%7D_LN_TrueCostofAML_WP-12.pdf>
16
Bank for International Settlements, Sound management of risks related to money laundering
and financing of terrorism, February 2016, <http://www.bis.org/bcbs/publ/d353.pdf>
17